Privacy Policy
PERSONAL DATA PROTECTION AND PROCESSING POLICY
SECTION 1 - INTRODUCTION
The protection of personal data is of utmost priority for [25 Proje Teknoloji Limited Şirketi] (the "Company"). The Company’s Policy on the Protection and Processing of Personal Data (the "Policy") sets out the principles adopted by the Company for conducting the personal data processing activities undertaken by our Company and the fundamental principles adopted with respect to the compliance of our Company’s data processing activities with the requirements laid down in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “General Data Protection Regulation”, the “GDPR”), whereby our Company informs the personal data subjects and ensures necessary transparency. Your personal data are processed and protected pursuant to this Policy, in full awareness of our responsibility within this scope.
This Policy concerns the personal data pertaining to the persons, WİTHİN the employees of our Company, which are processed by automatic means or other than by automatic means which form a part of the filing system or are intended to form part of a filing system, regardless of their format (electronic or by paper).
SECTION 2 – CONTROLLER AND DATA PROTECTION OFFICER
2.1 Controller
25 Proje Teknoloji Limited Şirketi (the “25 Proje”), Evliya Çelebi Mahallesi Sadi Konuralp Cad. IKSV Vakfı Apt. No: 5/2 Beyoğlu/İSTANBUL, reachable at +90 212 924 24 10 and www.25proje.tech is responsible for the processing of your personal data through the application portal. This company of the 25 Proje determines the purpose and means of processing your personal data in connection with the use of the application portal. Therefore, this company is the controller according to Article 4 (7) of the General Data Pro-tection Regulation (GDPR).
Furthermore, that company of the 25 Proje, which is advertising the specific position to be filled, is responsible for the processing of your personal data. This company receives your applicant data in order to be able to make a decision regarding the selection of candidates. In connection with the pro-cessing of your applicant data, this company is an independent data protection controller within the meaning of Article 4 (7) GDPR.
This data protection information refers to the data processing activities carried out by 25 Proje in connection with the application process, as well as the data processing activities carried out by 25 Proje (hereinafter referred to as “we” or “us”) on the data processed in the course of providing the company's services.
2.2 Data Privacy Officer
You can reach the Data Privacy Officer at:
law@25proje.tech
2.3 Data Protection Officer
In the following you will find the contact details of the Data Protection Officer according to Article 37 ff GDPR:
Kamil Mercimek Evliya Çelebi Mahallesi Sadi Konuralp Cad. IKSV Vakfı Apt. No: 5/2 Beyoğlu/İSTANBUL +90 212 924 24 10 law@25proje.tech
SECTION 3 - PURPOSES AND LEGAL BASIS OF PRO-CESSING
We process your data for the following purposes and on the basis of the following provisions, where-by the legal basis for data processing also results in particular from the respective law of the member state to which the controller is subject.
MAIN PURPOSES (PRIMARY)
Planning and execution of human resoruces policies and processes of our company carrying out of the necessart works by our relevant buisness units for the performance of the commercial activities conducted by the company and the execution of the related business processes.
Carrying out of the necessary works by our business units fort he benefist by the data subjects from the products and services offered by the Company and the execution of the related business processes.
Planning and execution of the commercial and business strategies of the Compant.
Customization of the products and services offered by the Company satisfaction activities according to the tastes, habits of use and needs of the data subjects and planning and ecevution of the activities required fort he offering and advertising thereof to the data subjects.
Ensuring the legal, technical and commercial-business security of the Company and the data subjects in a planning and execution of operational business Company relationship with the activities necessitated to ensure compliance Company of Company activities with Company procedures and applicable legislation.
The registration information is processed to perform our contract with you and the direct marketing is subject to our legitimate interest.
to create your account for the app in accordance with your request
SUB-PURPOSES (SECONDARY)
Execution of staff recruitment process
Planning and execution of prcocurement chain management processes.
Event management.
Planning and execution of manufacturing and operation precesses.
Planning, auditing and execution of information securtiy procesess.
Planning and execution of corporate cımmunication activities.
Monitoring of finance and accounting works.
Planning and execution of information Access authorizations of business partners and suppliers.
Setting up and management of information Technologies infrastucture.
Planning and execution of processes of sales of products and services.
Follow-up of customer requests and complaints.
Planning and execution of customer relations management processes.
Management of relationship with business partners and suppliers.
Planning and execution of customer services satisfaction activities.
Planning and execution of market research fort he sale and marketing of products and services.
Follow-up of legal works
Ensuring the security of the Company’s sites and facilities.
Planning and execution of the audit activities of the Company.
In order to operate the applications on our Company's projects and also Company or projects websites, technically necessary data is processed. This includes, for example, IP address, browser type, location, browser language, operating system, referring and exiting pages as well as URLs, error logs and other similar information, in particular cookies. When you create an account and use the application portal, we process this required data.
The legal basis for this is Article 6 (1) (f) and (b) GDPR.
If such necessity does not exist, the processing of your personal data may also be ased on our overriding legitimate interests in certain cases. However, this only applies if your privacy interest does not outweigh our interests. We have a legitimate interest in processing your personal data during the business relationship. The relevant interests of our company are those relating to the performance of the contract, internal Administrative purposes, operating and facilitating communication, improving processes and organization, general security and protection of assets, technical provision of IT solutions, IT security, and initiating, maintaining, and managing relationships with our business partners. If we receive your contact details in connection with the sale of a product or service, we may therefore use them for advertising purposes in connection with similar products or goods. You can object to this processing at any time. Furthermore, we also process those data that are technically mandatory for the provision of IT solutions. These are your IP address, browser type, browser version, browser language, operating system, etc. We have a legitimate interest in processing your personal data for such purposes in the course of the employment relationship.We have also a legitimate interest in processing your personal data in the course of the technical provision of the application portal, otherwise the application process cannot be offered in digital form.
The legal basis for this is Article 6 (1) (f) GDPR.
The 25 Proje Applications such as Inmanage.io and KargaKarga collects your device’s location, which helps the Service Provider determine your approximate geographical location and make use of it in the following ways:
• Geolocation Services: The Service Provider utilizes location data to provide features such as personalized content, relevant recommendations, and location-based services.
• Analytics and Improvements: Aggregated and anonymized location data helps the Service Provider analyze user behavior, identify trends, and improve the overall performance and functionality of the Application.
• Third-Party Services: Periodically, the Service Provider may transmit anonymized location data to external services. These services assist in enhancing the Application and optimizing their offerings.
The legal basis for this is Article 6 (1) (f) and (b) GDPR.
In certain instances, the processing of your personal data may also rely on your explicit consent. In such cases, we will clearly inform you and seek your consent. The decision to provide consent is entirely voluntary, and there will be no adverse consequences should you choose not to consent. If the processing is carried out based on your consent, you retain the right to withdraw your consent at any time, with effect for the future.
The legal basis for this is Article 6 (1) (a) GDPR.
The 25 Proje acquires the information you supply when you download and register the Application. Registration with the Service Provider is not mandatory. However, bear in mind that you might not be able to utilize some of the features offered by the Application unless you register with them. The Service Provider may also use the information you provide to contact you from time to time to provide you with important information, required notices, and marketing promotions.
The legal basis for this is Article 6 (1) (f) and (b) GDPR.
The 25 Proje do not acquires any of childrens (under 13) data. If you are a parent or guardian and you are aware that your child has provided personal information, please contact with us.
The 25 Project web sites are processing data of cookies. For detailed notification you can visit the website below[EÇ1] :
www.inmanage.io
SECTION 4 – DATA SUBJECTS
DATA SUBJECT
Customer/Potential Customer
Visitor
Third Person/Party
Prospective/Candidate Employee
Company Shareholder
Company Officer
Employees, Shareholders and Officers of the Organizations Collaborated with
DESCRIPTION
Natural persons who use or have used or who are planned to use the products and services offered by our Company, regardless of whether there is a contractual relationship with our Company or not
Natural persons who have entered the physical sites of our Company for various purposes or who have visited our websites
Third party natural persons who are associated with the aforementioned persons in order to ensure the security of the commercial trasnactions between our Comapnt and such persons or to protect the rifhts thereof or to reive benefits thereto (e.g. sureties, family members and relatives)or other natural persons who are not covered by this Policy or the Policy on the Protection and Processing of The Personal Data Policy of our Company
Natural persons (including prospective/candidate interns) who have made a job application, through any means, or made their remes or relevant information acailable for examination by our Company
Natural persons who are shareholders of our Company
Members of the board of directors or other authorized natural persons of our Company
Natural members who work at the organizations with which our Company maintains any business relationship including the shareholders and officers of such organizations
CATEGORIES OF PERSONAL DATA
Identıfıcatıon Details
Contact Details
Location Data
Processing Security Details
Financial Details
Marketing Details
DESCRIPTION
Data including the identification details of the person: documents such as driving license, ID card and passport containing information such as name- surname, Turkish ID number, nationality, place and date of birth, sex, and tax number (if applicable), SSI number (if applicable), vehicle registration plate
Phone number, address, e-mail adress etc.
Details about the location data from the use of our products and services
Your personal data which are processed in order to ensure our technical, administrative, legal and commercial security while conducting our commercial activities (such as log records)
Data such as bank account number, IBAN, credit card details, financial profile, asset data, income details; which clearly pertain to an identified or identifiable natural person and which are processed wholly or partly by automatic means or otherwise than by automatic means as a part of the filing system
Personal data which are processed by means of the customization of our products and servies according to the habits of use, tastes and needs of the personal data subjects and the marketing thereof adn the report and evaluations generated in consequence of the result of such processing
SECTION 5 – TRANSFER TO THIRD PARTIES/RECIPIENTS
Our company may share its customers personal data with the following categories of individuals.
RECIPIENTS OF DATA TRANSFERRS
Business Partner
Supplier
Legally Authorized Public Institutions and Organizations
Legally Authorized Private Law Persons
DEFINATION
Third parties that provide services to our company in line with our data processing objectives and instructions, within the scope of conducting our company's commercial activities.
Public institutions and organizations authorized to request information and documents from our company under applicable legal provisions, such as the Capital Markets Board (CMB), Energy Market Regulatory Authority (EMRA), and Competition Board.
PURPOSE FOR TRANSFER OF DATA
Restricted to the purpose of fulfilling the objectives of establishing a business partnership.
Restricted to the purpose of procuring services necessary for the performance of our company's commercial activities, which are outsourced to external suppliers.
Personal data is disclosed, limited to the matters within the scope of activities carried out by the relevant private institutions and organizations.
SECTION 6 - RETENTION AND DELETION OF PERSONAL DATA
Our Company retains personal data for the period necessary to fulfill the purposes for which they are processed and for the minimum duration mandated by applicable legislation. In this context, our Company initially assesses whether any statutory retention period is prescribed under the relevant legislation, and if such a period exists, ensures compliance with it. Where no statutory period is provided, personal data are retained for the period required to achieve the legitimate purposes for which they are processed. Upon the expiration of the applicable retention period, personal data are erased in accordance with scheduled deletion intervals or upon request by the data subject, through legally recognized methods of deletion (erasure and/or anonymization).
SECTION 7 – TRANSFER OF PERSONAL DATA
The 25 PROJE is a globally acting company, so that your personal data processed in connection with the use of these websites may have to be transferred to third countries that do not have an adequate level of data protection according to European data protection law. The receiving bodies may be third parties located outside the European Economic Area (EEA). If there is no adequacy decision by the European Commission for the country of the recipient, we redominantly use binding EU standard contractual clauses to ensure appropriate data protection guarantees and an adequate level of data protection. In individual cases, the transfer of your personal data also takes place based on the exemptions for certain cases pursuant to Article 49 GDPR, such as your consent pursuant to Article 49 (1) (a) in conjunction with Article 6 (1) (a) GDPR. We have done everything possible to protect your personal data through appropriate technical and organizational measures. Please note that you have the right to revoke your consent at any time with effect for the future.
SECTION 8 – RIGHTS OF DATA SUBJECT
We are committed to ensuring that you can exercise your rights with ease and efficiency. To facilitate this process, we kindly request that you specify your preferred format for receiving the requested information. In the absence of a specified format, we will respond in the same manner as your initial inquiry.
Typically, you can expect to receive feedback within one month. However, this timeframe may be extended by an additional two months if necessary, taking into account the complexity and volume of requests. In such instances, we will inform you of the extension within one month of receiving your request, along with the rationale for the delay.
For requests that are manifestly unfounded or excessive, we reserve the right to impose a reasonable fee or to decline the request. To exercise your rights, please reach out to the Data Privacy Officer and provide sufficient proof of your identity.
In cases where there is reasonable doubt regarding your identity—such as during telephone inquiries—we reserve the right to request additional information necessary for identity verification for data protection purposes. This may include a clear copy of a signed identity document (such as a passport, ID card, or driver’s license), which should also be signed if there are substantial doubts. In such situations, please redact any personal information that is not essential for identification. Alternatively, you may verify your identity using a qualified electronic signature (digital signature)
Right of Access – You have the right to obtain confirmation regarding whether your personal data are being processed by us, and if so, to receive relevant details about such processing activities
Data subjects possess the following rights: Right to Rectification – You have the right to correct any inaccuracies in your personal data. Right to Erasure – You may request the erasure of your personal data in certain circumstances, such as when the data are no longer necessary for the purposes for which they were collected. Right to Restriction – In specific cases, you may request that we limit the use of your personal data to storage only, pending the resolution of another request from you. Right to Object – You have the right to object to any further processing of your personal data, within the conditions and limits established by law. Right to Portability – Under certain conditions, you may receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or you may transmit this data to another data controller. Right to Lodge a Complaint – You have the right to file a complaint with the relevant data protection authority or to initiate legal action in court.